UTDC detecting GNAT Radar but not kicking

[[ZSZ]Evil_Dragon]

Found this player logged with corrupt memory witch as the screenshots show is caused by the GNAT Radar.
I have Kick for Corrupt Memory turned off due to the lots of false detections.
Is there a way to make UTDC21 kick for the GNAT Radar?
Maybe like in the past UTDC18 could be set to kick the ITP bot by editing the .ini?

[UTDCv21] +---------------------------------------------------+
[UTDCv21] Client have corrupt memory
[UTDCv21] Player name......:
[UTDCv21] Player IP........: 90.217.110.116
[UTDCv21] Client UT version: v.4.36
[UTDCv21] Client OS........: Microsoft Windows Vistax32 6.0 (Build: 6001)
[UTDCv21] SoftDrv.dll MD5..: DA8D1C3FCD740E85185F11321AB5D3FF
[UTDCv21] Core.dll MD5.....: CCF104341C7452B06295D421167DBA95 (v4.36)
[UTDCv21] Engine.dll MD5...: 7FCED6475943F2457B1483F0AE64EC17 (v4.36creative)
[UTDCv21] Render.dll MD5...: 6F18D6BB2B3DC12D0D2E5AD5CC66586B (v4.36)
[UTDCv21] Galaxy.dll MD5...: F3D4D4D956A3F82B8BFF1BB4958D27A7 (v4.36creative)
[UTDCv21] UTDCx.dll MD5....: E9DE0EE5B80D2CEAD8AC9436D3D5B014
[UTDCv21] MAC hash.........: 2C32FAA187C4814A5E83689D00405E1B
[UTDCv21] Mem NTDLL image..: True
[UTDCv21] Corruption hash..: 8C257A7905CD9DF6A1208597F622CD99
[UTDCv21] Altered addresses: 10B153B8-CEBC48E9/508B018B,10B153BC-80828BFF/80828B30,
[UTDCv21] Date/Time........: 17-10-2008 / 13:00:06
[UTDCv21] +---------------------------------------------------+

http://zszclan.com/UTDCCheatsScreens...6.14.22.25.jpg
http://zszclan.com/UTDCCheatsScreens...6.14.34.02.jpg
http://zszclan.com/UTDCCheatsScreens...7.13.00.06.jpg

[[ZSZ]Evil_Dragon]

nothing?

[thyrex]

i dont think its possible.
i made a panel to view logs and sshots for tammy servers and i added an highlight feature to catch this kind of entry. Thats how Gee and Frixzeh were caught

[PizzaMan]

There should be a blacklist and a whitelist in actionman.ini that could be used for MD5's and hashes. imo.

[[ZSZ]Evil_Dragon]

It's the same problem with the NoName1.2, also shows up only as corrupt memory but isn't kicked for.
2 examples:

[UTDCv21] +---------------------------------------------------+
[UTDCv21] Client have corrupt memory
[UTDCv21] Player name......: Valafar
[UTDCv21] Player IP........: 97.112.107.62
[UTDCv21] Client UT version: v.4.36
[UTDCv21] Client OS........: Microsoft Windows XPx32 5.1 (Build: 2600)
[UTDCv21] OpenGLDrv.dll MD5: 946718A9F62780F43DEB2F1983AF701C
[UTDCv21] Core.dll MD5.....: CCF104341C7452B06295D421167DBA95 (v4.36)
[UTDCv21] Engine.dll MD5...: 30E34C2A9E0EAB908C5DA6F322F4E2D7 (v4.36)
[UTDCv21] Render.dll MD5...: 6F18D6BB2B3DC12D0D2E5AD5CC66586B (v4.36)
[UTDCv21] Galaxy.dll MD5...: CB246E9A387CC002E6EA13264AC0DC08 (v4.36)
[UTDCv21] UTDCx.dll MD5....: E9DE0EE5B80D2CEAD8AC9436D3D5B014
[UTDCv21] MAC hash.........: 3541F504EBB3EA15521739AE4B8CF4E8
[UTDCv21] Mem NTDLL image..: True
[UTDCv21] Corruption hash..: 2E1B7F894E0DB4A34F99939E0750E29B
[UTDCv21] Altered addresses: 10B01268-F70D11DC/13144,
[UTDCv21] Date/Time........: 09-09-2008 / 03:24:11
[UTDCv21] +---------------------------------------------------+
LastPlayed[3104]=97.112.107.62,865459E182CDDBA145E7FB66AF4DE8A4,20 08-09-09 03:56:44,Valafar
http://zszclan.com/UTDCCheatsScreens...9.03.36.07.jpg
http://zszclan.com/UTDCCheatsScreens...9.03.24.13.jpg
http://zszclan.com/UTDCCheatsScreens...9.03.40.42.jpg
http://zszclan.com/UTDCCheatsScreens...9.03.43.58.jpg


[UTDCv21] +---------------------------------------------------+
[UTDCv21] Client have corrupt memory
[UTDCv21] Player name......: SkatemasterJ
[UTDCv21] Player IP........: 222.154.130.66
[UTDCv21] Client UT version: v.4.36
[UTDCv21] Client OS........: Microsoft Windows XPx32 5.1 (Build: 2600)
[UTDCv21] D3DDrv.dll MD5...: DD6E3692F8EAD5E1DF88716024BC25D1
[UTDCv21] Core.dll MD5.....: CCF104341C7452B06295D421167DBA95 (v4.36)
[UTDCv21] Engine.dll MD5...: 30E34C2A9E0EAB908C5DA6F322F4E2D7 (v4.36)
[UTDCv21] Render.dll MD5...: 6F18D6BB2B3DC12D0D2E5AD5CC66586B (v4.36)
[UTDCv21] Galaxy.dll MD5...: CB246E9A387CC002E6EA13264AC0DC08 (v4.36)
[UTDCv21] UTDCx.dll MD5....: E9DE0EE5B80D2CEAD8AC9436D3D5B014
[UTDCv21] MAC hash.........: AF7E5D6C33CF676EB0EB824ACF92030C
[UTDCv21] Mem NTDLL image..: True
[UTDCv21] Corruption hash..: 2E1B7F894E0DB4A34F99939E0750E29B
[UTDCv21] Altered addresses: 10B01268-FF5011DC/13144,
[UTDCv21] Date/Time........: 13-09-2008 / 21:14:49
[UTDCv21] +---------------------------------------------------+
LastPlayed[2899]=222.154.140.8,9E2AEEF88ED0D85842A9D38DA50A6481,20 08-09-13 07:36:32,Xiang,Andie420,SkatemasterJ
LastPlayed[2435]=222.154.130.66,92B353356399CB60E6AB4C5BF77BF935,2 008-09-19 22:33:41,PlAyGiRl,Demonic,SkatemasterJ,Skatemaster A,SuckMyKiss
http://zszclan.com/UTDCCheatsScreens...3.22.20.57.jpg

[LOLING]

Maybe troublesomeone can launch another update to catch this two undetected cheats.

[PizzaMan]

They are not undetected. They are logged as corrupt memory.

[[ZSZ]Evil_Dragon]

Quote:

Originally Posted by PizzaMan

They are not undetected. They are logged as corrupt memory.

Is that sure at least? And can't be a coincidence? Also detecting them by name and then KICK would be better...otherwise all we can do is ban the player by ID or IP - and tell me anything that is easier to change these days...

[PizzaMan]

Quote:

Originally Posted by [ZSZ]Evil_Dragon

Is that sure at least? And can't be a coincidence?

The guy who made the gnatradar posted that it was never ment to bypass UTDC, he only made it to, what was it, "piss of the gnat admins because they think they are 1337" or something like that.

[adminthis]

UTDCv21HASH+

Quote:

This update is based on the "spank the monkey" update to UTDCv21 (here).

HASH+ adds the ability to kick (and optionally ban) players based on their 'Corruption hash', without the need to have bKickForCorruptMemory enabled. According to several individuals on unrealadmin.org this is a useful addition to take action against cheats which are detected by UTDC as memory corruption, but for which players are not removed.

* Ability to specify up to 32 disallowed hashes.
* Show a custom kick message or use the default.
* Fixed several appalling grammatical mistakes ("player have..").

Try me!

[2399Skillz]

Nice job!

[[ZSZ]Evil_Dragon]

WOW that's just great!!!

Thank you very much!

[thyrex]

really appreciate

[thyrex]

here are some hash i collected:

BadHash[0]=8C257A7905CD9DF6A1208597F622CD99
BadHash[1]=2E1B7F894E0DB4A34F99939E0750E29B
BadHash[2]=A123B1D2A55D4FFC3027A9F34BC57F95
BadHash[3]=B43CE4D328C1FE02CF4D88454156D6DA
BadHash[4]=6DF599E3DDC2F61CCF17583810AC510A
BadHash[5]=9C7DF10E1C349217A72AD5C3F8339A07
BadHash[6]=4DBD6C1840291D85E457DC83FC9F4105

[[ZSZ]Evil_Dragon]

Sorry to be a pain, but when I claim someone a cheater I always have to bring "proof" that the log isn't a false one, like corruption or what...

I could identify some of the hashes you posted but could you give more infos on these please?

BadHash[2]=A123B1D2A55D4FFC3027A9F34BC57F95
BadHash[3]=B43CE4D328C1FE02CF4D88454156D6DA
BadHash[6]=4DBD6C1840291D85E457DC83FC9F4105

All I could find in google was that these were already posted anywhere in cheatlogs but not why just that hash should be a cheat.

[thyrex]

BadHash[2]=A123B1D2A55D4FFC3027A9F34BC57F95 (got it from a caught with utdc+ dunno if it can be reproduced with "classic" utdc21)

[UTDCv21] Client have hooked functions
[UTDCv21] Player name......: <VeCtOr>
[UTDCv21] Corruption hash..: 9C7DF10E1C349217A72AD5C3F8339A07 (x22Radar or hook)
[UTDCv21] Altered addresses: 101030AC-E0CCE900/B72EE900,101030B0-B9E9F461/B9E90003,10B013E0-10B01267/CCCCCCCC,

[UTDCv21] Client have corrupt memory
[UTDCv21] Player name......: <VeCtOr>
[UTDCv21] Corruption hash..: A123B1D2A55D4FFC3027A9F34BC57F95
[UTDCv21] Altered addresses: 101030AC-E0CCE900/B72EE900,101030B0-B9E9F461/B9E90003,10B01268-FF5011DC/13144,10B013E0-10B01267/CCCCCCCC,

BadHash[3]=B43CE4D328C1FE02CF4D88454156D6DA Gnat radar (confirmed by sshot, the one of corp|FrixZeh` )

[UTDCv21] +---------------------------------------------------+
[UTDCv21] Client have corrupt memory
[UTDCv21] Player name......: corp|FrixZeh`
[UTDCv21] Corruption hash..: B43CE4D328C1FE02CF4D88454156D6DA
[UTDCv21] Altered addresses: 10B153B8-CEBC48E9/508B018B,10B153BC-80828BFF/80828B30,7C91D94C-6E46BDE9/47B8,7C91D950-300BA93/300BA00,7C91D974-34E99090/49B89090,7C91D978-BA936E44/BA000000,7C91DF5C-8FE99090/91B89090,7C91DF60-BA936E3D/BA000000,7C91E1A8-6CE99090/ADB89090,7C91E1AC-BA936E37/BA000000,

http://forums.tammyservers.co.uk/viewtopic.php?t=380

BadHash[6]=4DBD6C1840291D85E457DC83FC9F4105 Cant remember where i get this one, the only url i find is http://www.unrealadmin.org/forums/ar...p/t-27032.html and as nothing was sure i added it and see if someone complain

[PizzaMan]

adminthis, perhaps you could do this?

Code:

const MAXFILESTOCHECK   = 32; 
var config string Package[32];    
var config string MD5[32];

I gave EvilDragon and a couple of others an edited file, and with your file they wount be able to check those extra packages.

[adminthis]

Quote:

Originally Posted by PizzaMan

I gave EvilDragon and a couple of others an edited file, and with your file they wount be able to check those extra packages.

Just merge your changes with mine. All changes I made are commented with //HASH+ in the source file.

[PizzaMan]

Quote:

Originally Posted by adminthis

All changes I made are commented with //HASH+ in the source file.

The source is not in the archive. I could decompile it, but as I am under the influence, that felt like work. Mind upping it?

[PizzaMan]

Quote:

Originally Posted by adminthis

Just merge your changes with mine.

Forgot to do this. Only thing changed is max 32 checked packages